Bug 198441

Summary: KASAN: need tests that check reports
Product: Memory Management
Component: Sanitizers
Status: NEW
Severity: enhancement
Priority: P1
Hardware: All
OS: Linux
Kernel Version: ALL
Regression: No
Reporter: Dmitry Vyukov (dvyukov)
Assignee: Dmitry Vyukov (dvyukov)
CC: andreyknvl, kasan-dev
Subsystem:
Bisected commit-id:

Description Dmitry Vyukov 2018-01-10 14:34:29 UTC
There are 2 serious problems with KASAN tests today:
1. It's unclear if they actually passed or not (e.g. a bug may not be detected, but nothing will "fail").
2. The main result of KASAN work is reports printed on the console; their content matters a lot, and no tests check that.

We need to convert tests to the FileCheck-like format used for user-space sanitizers (i.e. tests need to include desired output, or output that must not appear):
http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/invalid-free.cc?revision=287464&view=markup
And then a script that allows running all tests, collecting console output and checking correctness with FileCheck (or anything similar; the regexp format is not too complex).
Comment 1 Dmitry Vyukov 2019-03-05 17:27:16 UTC
*** Bug 202773 has been marked as a duplicate of this bug. ***
Comment 2 Andrey Konovalov 2020-07-04 14:14:43 UTC
"KUnit-KASAN Integration" patchset [1] (not merged yet) addresses checking whether KASAN is expected to detect a bug for each test.

[1] https://lore.kernel.org/patchwork/project/lkml/list/?series=447332
Comment 3 Andrey Konovalov 2022-09-05 20:32:11 UTC
Checking the contents of reports can be implemented in the same way as in KFENCE, see probe_console().
Comment 4 Andrey Konovalov 2022-09-05 20:38:35 UTC
Arguably, this bug is a duplicate of https://bugzilla.kernel.org/show_bug.cgi?id=212203.
Comment 5 Andrey Konovalov 2022-12-24 01:53:25 UTC
KASAN tests have been switched to using console tracepoints in [1].

The next step is to implement the tests' contents checks.

Note: for use-after-realloc tests (including kmalloc_uaf3), the checks must ensure that the alloc/free stack traces point to the right alloc/free.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7ce0ea19d50e4e97a8da69f616ffa8afbb532a93
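
A sketch of the FileCheck-like console checking proposed in the description, including the alloc/free stack checks noted in Comment 5. This is an added example, not code from the kernel tree or from anyone in this thread. The `CHECK:`/`CHECK-NOT:` directive syntax, the function names `parse_checks` and `check_console`, and the simplified sample report are constructed assumptions.

```python
import re

# Constructed, simplified console output in the general shape of a KASAN report.
CONSOLE = """
BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x10/0x20
Write of size 1 at addr ffff888000000008 by task kunit_try_catch/100
Allocated by task 100:
 kmalloc_uaf+0x08/0x20
Freed by task 100:
 kfree+0x30/0x40
 kmalloc_uaf+0x0c/0x20
"""

# Hypothetical per-test expectations in a FileCheck-like syntax.
CHECKS = r"""
CHECK: BUG: KASAN: .*use-after-free in kmalloc_uaf
CHECK-NOT: out-of-bounds
CHECK: Allocated by task \d+:
CHECK: kmalloc_uaf\+
CHECK: Freed by task \d+:
CHECK: kfree\+
"""

def parse_checks(text):
    """Return [(kind, compiled regex)] for each CHECK:/CHECK-NOT: line."""
    found = re.findall(r"^\s*(CHECK-NOT|CHECK):\s*(.+)$", text, re.M)
    return [(kind, re.compile(pattern)) for kind, pattern in found]

def check_console(console, checks):
    """Return a list of failures; an empty list means the test passed."""
    lines, pos, forbidden, failures = console.splitlines(), 0, [], []
    # A trailing sentinel bounds any CHECK-NOT lines that follow the last CHECK.
    for kind, rx in parse_checks(checks) + [("END", None)]:
        if kind == "CHECK-NOT":
            forbidden.append(rx)  # applies up to the next CHECK match
            continue
        hit = len(lines)
        if kind == "CHECK":
            hit = next((i for i in range(pos, len(lines)) if rx.search(lines[i])), None)
            if hit is None:  # missing report or missing line is an explicit failure
                failures.append("CHECK not found: " + rx.pattern)
                break
        for nrx in forbidden:
            if any(nrx.search(line) for line in lines[pos:hit]):
                failures.append("CHECK-NOT matched: " + nrx.pattern)
        forbidden, pos = [], hit + 1
    return failures

if __name__ == "__main__":
    print(check_console(CONSOLE, CHECKS) or "PASS")
```

Because `CHECK` lines must match in order, a report whose "Freed by" stack lacks the expected frame fails, and an empty console (bug not detected) fails on the first directive instead of passing silently.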